Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution

Description: A memory corruption issue existed in the Accelerate Framework in multi-threading mode. This issue was addressed through improved accessor element validation and improved object locking.

CVE-ID

CVE-2015-5940 : Apple

Bom

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: A file traversal vulnerability existed in the handling of CPIO archives. This issue was addressed through improved validation of metadata.

CVE-ID

CVE-2015-7006 : Mark Dowd at Azimuth Security

CFNetwork

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to cookies being overwritten

Description: A parsing issue existed when handling cookies with different letter casing. This issue was addressed through improved parsing.

CVE-ID

CVE-2015-7023 : Marvin Scholz; Xiaofeng Zheng and Jinjin Liang of Tsinghua University, Jian Jiang of University of California, Berkeley, Haixin Duan of Tsinghua University and International Computer Science Institute, Shuo Chen of Microsoft Research Redmond, Tao Wan of Huawei Canada, Nicholas Weaver of International Computer Science Institute and University of California, Berkeley, coordinated via CERT/CC

configd

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: A malicious application may be able to elevate privileges

Description: A heap based buffer overflow issue existed in the DNS client library. A malicious application with the ability to spoof responses from the local configd service may have been able to cause arbitrary code execution in DNS clients.

CVE-ID

CVE-2015-7015 : PanguTeam

CoreGraphics

Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later

Impact: Visiting a maliciously crafted website may lead to arbitrary code execution